ldap/servers/slapd/proxyauth.c | 30 +++++++++++++++++------------- ldap/servers/slapd/slap.h | 2 ++ 2 files changed, 19 insertions(+), 13 deletions(-)
New commits: commit 5232b202fc2ddb529312d30304867d3ff470d3a2 Author: Mark Reynolds mareynol@redhat.com Date: Wed Feb 1 10:35:56 2012 -0500
Ticket #6 - protocol error from proxied auth operation
Bug Description: Trying to perform a proxied auth operation leads to a protocol error(err=2).
Fix Description: ber_scanf() was rejecting the authdn value, because it did not start with an octet string/char. The fix was to check for the octet string, and if it wasn't present then just use the value as it is.
https://fedorahosted.org/389/ticket/
diff --git a/ldap/servers/slapd/proxyauth.c b/ldap/servers/slapd/proxyauth.c
index 2230a31..fe36cf1 100644
--- a/ldap/servers/slapd/proxyauth.c
+++ b/ldap/servers/slapd/proxyauth.c
@@ -106,21 +106,25 @@ parse_LDAPProxyAuth(struct berval *spec_ber, int version, char **errtextp,
 break;
 }
- ber = ber_init(spec_ber);
- if (!ber) {
- break;
- }
-
- if ( version == 1 ) {
- tag = ber_scanf(ber, "{a}", &spec->auth_dn);
+ if (version == 2 && (spec_ber->bv_val[0] != CHAR_OCTETSTRING)) {
+ /* This doesn't start with an octet string, so just use the actual value */
+ spec->auth_dn = slapi_ch_strdup(spec_ber->bv_val);
 } else {
- tag = ber_scanf(ber, "a", &spec->auth_dn);
- }
- if (tag == LBER_ERROR) {
- lderr = LDAP_PROTOCOL_ERROR;
- break;
- }
+ ber = ber_init(spec_ber);
+ if (!ber) {
+ break;
+ }
+ if ( version == 1 ) {
+ tag = ber_scanf(ber, "{a}", &spec->auth_dn);
+ } else {
+ tag = ber_scanf(ber, "a", &spec->auth_dn);
+ }
+ if (tag == LBER_ERROR) {
+ lderr = LDAP_PROTOCOL_ERROR;
+ break;
+ }
+ }
 /*
 * In version 2 of the control, the control value is actually an
 * authorization ID (see section 9 of RFC 2829). We only support
diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h
index 86d954d..c6d342c 100644
--- a/ldap/servers/slapd/slap.h
+++ b/ldap/servers/slapd/slap.h
@@ -2310,6 +2310,8 @@ extern char *attr_dataversion;
 #define LDAP_VIRTUAL_LIST_VIEW_ERROR 0x4C /* 76 */
 #endif
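Review bot: The new version-2 shortcut reads `spec_ber->bv_val[0]` without checking that the client-supplied control value is non-empty, and then copies it with `slapi_ch_strdup()`, which depends on a NUL terminator instead of `bv_len`. Unless a check outside this hunk already guarantees `bv_val != NULL` and `bv_len > 0`, the condition should be guarded, e.g. `if (version == 2 && spec_ber->bv_len > 0 && spec_ber->bv_val[0] != CHAR_OCTETSTRING) {`, so an empty value falls through to the BER path and is rejected there. The copy would be more robust if bounded by `bv_len` (allocate `bv_len + 1`, `memcpy`, terminate), and a value whose `strlen` differs from `bv_len` should probably be refused, since an embedded NUL would otherwise silently truncate the authorization DN before it is evaluated. parse_LDAPProxyAuth starts and ends outside the hunk, so the later validation of `auth_dn` is not visible here.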
+#define CHAR_OCTETSTRING (char)0x04
+
 /* copied from replication/repl5.h */
 #define RUV_STORAGE_ENTRY_UNIQUEID "ffffffff-ffffffff-ffffffff-ffffffff"
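Review bot: `CHAR_OCTETSTRING` expands to an unparenthesized cast and has no comment saying what the byte represents. Writing it as `#define CHAR_OCTETSTRING ((char)0x04)` keeps the expansion safe inside any expression, and a one-line comment such as `/* first byte (tag) of a BER-encoded OCTET STRING */` would tell readers of slap.h why the value exists. The name is also fairly generic for a server-wide header, given that this commit appears to use it only in proxyauth.c.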
389-commits@lists.fedoraproject.org